Hi



Im developing an App in ASP using SQLServer, its envisaged that there

will between 500 - 1000 users.

The app is an LMS and contains users of many different types and

permissions eg administrators to create accounts trainers to manage

trainees, trainees who take courses etc.

Version 1 of the app simply held all user details in a Users table,

however this time round we're considering holding the logon username and

password as a DB user, and holding all other account details in the

Users table.  The reasons being so we can log in detail all actions of

individual in details and without running asp code through the app, and

also to immediately apply table permissions on each user type- thus

adding security into the system etc etc.



So my question is, is this the norm, are there other advantages/

disadvantages to this method, I'd like to have all the info possible

before taking this path.



Any comments would be greatly appreciated.



Louise